CN113946877A

CN113946877A - Data security calculation method, system, computer equipment, storage medium and terminal

Info

Publication number: CN113946877A
Application number: CN202111035914.8A
Authority: CN
Inventors: 裴庆祺; 吴志辉; 初金朝
Original assignee: Xi'an Lianrong Technology Co ltd
Current assignee: Xi'an Lianrong Technology Co ltd
Priority date: 2021-09-04
Filing date: 2021-09-04
Publication date: 2022-01-18

Abstract

The invention belongs to the technical field of information security, and discloses a data security calculation method, a system, computer equipment, a storage medium and a terminal, wherein the data security calculation method comprises the following steps: building a trust calculation model based on a block chain; a plaintext calculation trusted space based on distributed multimode trust of a block chain is provided; determining a real-time verifiable contract execution mechanism based on a hardware chip; the data security computing system comprises: the system comprises a data management module, a data processing module and an intelligent interaction module. According to the data security computing system, the ownership of the data is guaranteed by tracing to the source on the chain through one-key data right confirmation; by simplifying the data stream transfer process, the barrier from the source to the use of the data is opened; through distributed encryption storage, private data is easily controlled; data value is mined through safe multi-party calculation, and the data calculation process is guaranteed not to be divulged; by calculating that the result is known and credible, the result on the chain can be verified; and controlling the interaction between the hardware equipment and the physical world through a preset instruction of the intelligent contract.

Description

Data security calculation method, system, computer equipment, storage medium and terminal

Technical Field

The invention belongs to the technical field of information security, and particularly relates to a data security calculation method, a data security calculation system, computer equipment, a storage medium and a terminal.

Background

At present, data are used by people very frequently, and the processing and sharing of digital information bring rapid development to economy and cause worry of people about data abuse and privacy problems. The exploration of a solution which can protect personal data privacy and enable data to play the greatest role, and accords with multi-party benefits is an urgent problem to be solved. Due to the characteristics of traceability, difficult tampering, distributed consensus and the like, the blockchain technology is concerned about building a trust system and protecting privacy, and is a good solution to the problems. However, since the blockchain technology and the real-world scenario are still in the break-in stage, there still exist some problems in terms of privacy issues for solving the big data stream transition. In order to solve the problem, people hardship the block chain nodes, realize automatic data acquisition and processing by means of the internet of things technology, and accelerate the falling of the block chain in a privacy protection scene in a software and hardware integration mode by utilizing the characteristics of fast calculation of hardware equipment, convenient module integration and deployment and the like.

A block chain all-in-one machine developed by an ant chain researches and develops a block chain password card, provides high-level safe and reliable key management for nodes, improves the efficiency of a password algorithm through hardware acceleration, and generates an identity key for the all-in-one machine through a password generation module. In addition, the block chain encrypted chip card developed by the space chain technology is characterized in that the chip is arranged in a packaging circuit board at the source, an external device and other equipment ends, and all data can be signed and encrypted by the block chain chip and uploaded to a block chain. The middle part is monitored no matter how many links are experienced, so that data can be prevented from being tampered.

In general, the work of blocking chain chip, which participates in the data privacy protection in a form of software and hardware integration, is increasingly perfected. However, most of the information remains in the data storage and hash chaining stage, and the challenge of performing trusted privacy security calculation in real combination with the blockchain technology still exists.

The block chain is taken as a platform, software and hardware technologies are combined, the privacy protection problem in the data use process is solved by using the cryptography principle, and many challenges still exist. One is that the data source is not trusted. Data input into the intelligent contract from the external is unprocessed and not verified, and the source of the data lacks credibility; secondly, the data is complicated to confirm and difficult to trace to the source. The ownership registration process of the data main body is complex and tedious, and the traditional scheme lacks an evidence chain and is difficult to trace to the source; thirdly, the data privacy is difficult to control and access. The user is used with private data under the condition of no knowledge, and the data main body is difficult to control the data of the user; fourthly, the data joint calculation is easy to divulge secret and difficult to track. In the multi-party joint calculation process of the data, the data is easy to leak, and the joint calculation process has the problems of counterfeiting and unreliability. In addition, most of the current blockchain items are used for data result chaining, so that the safety and the reliability of the computing process cannot be guaranteed, and the trust degree of the consensus process is reduced.

At present, inconvenience is brought to node deployment among block chain link points, threshold adding into a block chain is improved, and service and welfare cannot be improved for people who do not know a network or the block chain. Moreover, node users often need to maintain and configure computer equipment, which further hinders the practical popularization of block chains. On the other hand, for the intelligent contracts on the blockchain, the current practice is to invoke an intelligent contract interface deployed on the blockchain to initiate transactions by inputting data by the user himself. This obviously has a significant drawback in that the trustworthiness of the data source cannot be guaranteed. Although a prediction machine contract appears at present, which can help the intelligent contract to collect external data outside the chain, whether an external information source is credible or not still cannot be guaranteed. On the other hand, the multi-party security computation has important functions in the aspects of big data joint analysis, research institution joint investigation, joint computation of each user and the like. However, for the privacy problem in data use, the existing scheme is generally centralized management, which causes privacy disclosure, data management and the like. On the other hand, the current intelligent contracts still stay in application scenes of data transaction, evidence storage and the like, the application range is still limited, and the intelligent contracts cannot well interact with the physical world.

In order to solve the above problems, the block chain anonymous computing hardware can realize the software and hardware integration of the block chain, so that the block chain deployment is more convenient. The credibility of a data source of an intelligent contract is guaranteed in a hardware acquisition and sealed calling mode, the security and privacy of data joint calculation are guaranteed in a distributed trusted execution environment through embedding of encryption modules such as homomorphic encryption, zero knowledge proof and secure multi-party calculation, and simple interaction with a physical world is achieved through combination of an intelligent contract preset instruction and hardware.

Through the above analysis, the problems and defects of the prior art are as follows:

(1) most of the existing methods for participating in the data privacy protection in a software and hardware integrated manner stay at the stage of data storage and hash uplink, and the challenge of performing credible privacy security calculation in the process by really combining a block chain technology still exists.

(2) In the existing method for solving the privacy protection problem in the data use process by using the cryptology principle, data input into an intelligent contract from outside is not processed and verified, and the source of the data lacks credibility; the ownership registration process of the data main body is complex and tedious, and the traditional scheme lacks an evidence chain and is difficult to trace to the source.

(3) In the existing method for solving the privacy protection problem in the data use process by using the cryptology principle, a user uses private data under the unknown condition, and a data main body is difficult to control the data per se; in the multi-party joint calculation process of the data, the data is easy to leak, and the joint calculation process has the problems of counterfeiting and unreliability.

(4) Most of the current blockchain items are data result chaining, so that the safety and the credibility of the computing process cannot be guaranteed, and the trust degree of the consensus process is reduced.

(5) The block chain nodes bring inconvenience to the deployment of the nodes, improve the threshold of adding the block chain, cannot improve service and welfare for people who do not know the network or the block chain, and hinder the actual popularization of the block chain.

(6) The existing method for initiating a transaction by calling an intelligent contract interface deployed on a block chain through data input by a user cannot ensure the credibility of a data source. Although a prediction machine contract appears at present, which can help the intelligent contract to collect external data outside the chain, whether an external information source is credible or not still cannot be guaranteed.

(7) The existing scheme is generally centralized management, which causes the problems of privacy disclosure, data management and control and the like. On the other hand, the current intelligent contracts still stay in application scenes of data transaction, evidence storage and the like, the application range is still limited, and the intelligent contracts cannot well interact with the physical world.

The difficulty in solving the above problems and defects is: one is that the data source is not trusted. Data input into the intelligent contract from the external is unprocessed and not verified, and the source of the data lacks credibility; secondly, the data is complicated to confirm and difficult to trace to the source. The ownership registration process of the data main body is complex and tedious, and the traditional scheme lacks an evidence chain and is difficult to trace to the source; thirdly, the data privacy is difficult to control and access. The user is used with private data under the condition of no knowledge, and the data main body is difficult to control the data of the user; fourthly, the data joint calculation is easy to divulge secret and difficult to track. In the multi-party joint calculation process of the data, the data is easy to leak, and the joint calculation process has the problems of counterfeiting and unreliability. In addition, most of the current blockchain items are used for data result chaining, so that the safety and the reliability of the computing process cannot be guaranteed, and the trust degree of the consensus process is reduced.

The significance of solving the problems and the defects is as follows: a novel trust system is established by using the block chain and used as an infrastructure trust facility in the circulation processes of data processing, sharing and the like, the circulation of digital information can be accelerated, and the ownership and privacy storage of data rights and interests are ensured. Furthermore, under the condition of protecting data privacy, the multi-party joint carries out safe calculation, the maximum value of the data is mined, and the win-win of multi-party benefits is realized.

Disclosure of Invention

The present invention provides a data security calculation method, system, computer device, storage medium and terminal, and particularly relates to a block chain-based data security calculation method, system, computer device, storage medium and terminal.

The invention is realized in such a way that a data security calculation method comprises the following steps:

the method comprises the following steps that firstly, a trust calculation model based on a block chain is constructed, the credibility of data acquisition, right confirmation and use processes is improved, other nodes can participate in the data verification process, and a theoretical model is provided for consensus calculation;

step two, a block chain-based distributed multimode trusted plaintext calculation trusted space is provided, the trust level of calculation is improved, the trust dependence on hardware manufacturers is reduced, and data distributed trusted calculation is realized;

and step three, determining a real-time verifiable contract execution mechanism based on a hardware chip, realizing credible interaction with the physical world, and promoting the deep fusion of the block chain application and the actual scene.

Further, in step one, the building a block chain-based trust calculation model includes:

The trust calculation model based on the block chain comprises a data state, a data storage tree and a certificate chain table.

Wherein the data states are divided into two types: firstly, the address of the data main body, and secondly, the retrieval address is calculated; the user stores data, and the account address when the user represents an individual is the data main address; and the retrieval address automatically generated for the calculation is a calculation retrieval address when the data is combined for calculation, and is used for retrieving the calculation and inquiring the calculation process certificate and the calculation result generated in the calculation process.

The data state has the following fields: count, representing the data ownership; the dataRoot stores the hash value of the root node of the data storage tree; balance, which represents the stimulus value of the data subject; proofChain, which saves the head node of the calculation process chain; wherein the dataNode is an empty node when the data state is user, and the balance is a value of 0 when the data state is calculated data.

And the data storage tree stores all data under the user name, stores all data addresses stored on the cloud and associated with the user, combines the data addresses into a father node by pairwise pairing, and recursively hashes each pair of nodes until the nodes reach a root node to form the data storage tree.

And the certificate linked list is used for storing the generated certificate data in the calculation process of the data. A plurality of certificates are generated in the calculation process, and according to the calculation flow, new certificate data generated each time is added to the next node of the linked list; the first head node of the calculation process chain is saved in a data state, and when the data result is verified in a consensus mode, all the nodes verify the correctness of the certificate according to the head node so as to verify the correctness of the data calculation result.

The data validation and data calculation process can only be linked in the model form of the invention, and the data validation, sharing and joint calculation can be carried out according to the model of the invention.

When a transaction is sent, the following information is included: count, representing the current number of data states; signature, which ensures the attribution and correctness of data; v, r, s, a value used in cryptographic signatures of transactions to determine the sender of the transaction; data, transaction execution information to be sent, including data hash value, IPFS address, credentials generated by the calculation process, and satellite navigation information.

Before executing a transaction, the node will verify that the transaction satisfies the basic intrinsic rules; if none of the basic rules passes, then each node will not execute the transaction.

After the transaction is verified to be correct, each node runs a consensus algorithm to pack and execute the transaction; the consensus mechanism generates a verification certificate after verifying the transaction, and the verification certificate is used for proving that the node verifies the transaction by using the verification rule; according to the consensus mechanism, the miners can pack legal transactions into blocks after verifying the transactions, the blocks are broadcasted, and other nodes add the blocks to the local block chain account book after receiving and verifying the blocks.

The computing process voucher is verifiable data generated by data in a joint computing process; verifying the data calculation process and the calculation result by obtaining the certificate, and proving the correctness of the calculation process or the result; wherein the joint computation process comprises homomorphic ciphertext computation and multiparty computation, and the verifiable data comprises zero-knowledge proof.

After the transaction is executed, the on-chain state changes as follows:

(1) when the data state is the user, adding 1 to the data amount count owned by the user; when the data state is data calculation, the data certificate number count is added with 1;

(2) after the verification is passed, packaging the execution result into a block chain;

(3) if the data is the right-confirming data, the right-confirming data is mapped to the user address and added into a data storage tree corresponding to the user; if the data is the certificate data, the data is used as the next node of the calculation process chain and added to the linked list;

(4) The miner nodes of the packing blocks obtain corresponding excitation;

(5) when the verification fails, the transaction cannot be packed into the block, the transaction is invalid, and the count value cannot be increased; wherein the transaction satisfies a transaction rule of a native chain, the native chain being an Etherhouse.

Further, the inherent rules for validating a transaction are as follows:

(1) whether the IPFS address really has data and whether the hash value of the stored data is equal to the provided hash value;

(2) whether the transaction has a legitimate signature;

(3) whether the attached count value is equal to the count of the data state;

(4) if the data is in the data calculation process, checking whether the transaction result is legal; and verifying the result according to the certificate generated in the calculation process.

Further, in step two, the proposing a plaintext computing trusted space based on block chain distributed multimode trust includes:

for a complex data joint calculation scene, a safe and independent calculation space is opened up in an anonymous calculation box, the part of the privacy ciphertext data which is difficult to calculate is calculated in the space in a plaintext form, and the calculation process is invisible to any node, and comprises the following steps:

according to different data types, calculating complex data with large calculation amount, and performing plaintext calculation; the block chain anonymous computing hardware provides a trusted isolation space, and the type of computation is placed in a trusted execution environment for computation.

The box is used as a block chain node, and a trusted computing committee is established in a block chain network; the 'trusted computing committee' can realize cross-node and cross-mechanism communication, and realize distributed joint computation and data sharing of data.

Within a trusted computing committee, each node contributes a trusted execution environment TEE of the blockchain anonymous computing hardware; because different trust roots exist among different hardware manufacturers, TEE data mutual trust and intercommunication among different manufacturers are realized through a consensus mechanism, and a distributed and multi-mode trusted execution environment is jointly established; the space size of the distributed trusted execution environment is the sum of the sizes of the trusted execution memories of the boxes.

A set of consensus mechanism is operated among the committee members, when a user calls intelligent contract calculation data, the committee members unify correct contract calling results according to the generated calling requests and through consensus and a consensus algorithm according to the specific conditions of the committee.

The committee member correctly executes the contract and will receive the gas award.

Further, in step three, the determining a real-time verifiable contract execution mechanism based on a hardware chip includes:

The block chain anonymous computing box provides interaction capacity with a physical world and automatically executes a preset instruction through an intelligent contract triggering state; according to the principle and the idea of 'first execution and then verification', a credit mechanism is introduced, and execution results are identified and verified together and corresponding credit states are updated.

For a user operation scene, the block chain anonymous calculation box safely collects user information according to the description of the first step and the second step; the user makes corresponding behavior operation and records the behavior operation on the block chain through an intelligent contract; other nodes carry out consensus and verification according to the trust calculation model through historical data; and changing the reputation state of the user node according to the verification result.

For an automatic scene, the block chain anonymous computing box processes data according to an external instruction or a preset program, if a preset condition is triggered after the data is processed, the block chain anonymous computing box is connected with external equipment through trusted hardware to execute a corresponding preset instruction, and the execution behavior is stored on a chain through an intelligent contract; the other nodes verify and consensus the trigger condition of the instruction; and changing the reputation state of the box node according to the verification result.

Another object of the present invention is to provide a data security computing system applying the data security computing method, the data security computing system comprising:

the data management module is used for acquiring data of the data main body; encrypting the data, and storing the data in a cloud distributed database specified by a user; the box does not store data plaintext in the data acquisition and processing process;

the data processing module is used for realizing desensitization processing of data and carrying out combined calculation on the data; in the process of data acquisition and encryption processing, storing key certificate information on a block chain through an intelligent contract; other nodes perform consensus, verification, block generation, broadcasting and persistence operations on the certificate information through the trust calculation model;

and the intelligent interaction module is used for realizing the credible interaction between the block chain and the physical world through the anonymous computing box.

Further, in the data management module, the data comprises privacy data generated by financial trade, medical insurance, intelligent energy, social media and daily life; the cloud distributed database includes an IPFS.

It is a further object of the invention to provide a computer device comprising a memory and a processor, the memory storing a computer program which, when executed by the processor, causes the processor to perform the steps of:

Building a trust calculation model based on a block chain for data acquisition, storage and weight confirmation and joint calculation; a plaintext calculation trusted space based on distributed multimode trust of a block chain is provided; a real-time verifiable contract execution mechanism based on a hardware chip is determined.

It is another object of the present invention to provide a computer-readable storage medium storing a computer program which, when executed by a processor, causes the processor to perform the steps of:

Another object of the present invention is to provide an information data processing terminal for implementing the data security computing system.

By combining all the technical schemes, the industry pain point that the industry only carries out hash verification on data but cannot carry out richer data verification is solved by providing the credible computing model, and the industry blank of credible and safe multi-party computing on the chain is filled; by combining the intelligent contract and the hardware, the industry blank of chain consensus and credible interaction of the physical world is filled.

The invention has the advantages and positive effects that: the data security computing system provided by the invention provides the following functions:

(1) one-key data right determination and chain up-tracing guarantee data ownership.

The data is collected, the functions of uploading and signing the data are achieved, and the data is difficult to tamper and traceable. Meanwhile, the data position and time are also uploaded, and the reliability of data right confirmation is further guaranteed.

(2) The data flow process is simplified, and the barrier from the source to the use of the data is opened.

The box is of a sealing structure, and data are collected through the Internet of things equipment, so that credible collection of a data source is guaranteed.

(3) And distributed encrypted storage is adopted, and the private data is easily controlled.

The box provides a homomorphic encryption function, and the encrypted data is stored in a cloud platform (such as IPFS) or locally by calling a distributed storage interface. The data is stored in a distributed mode, and addresses can be retrieved through the chain. The decryption key is self-stored, the whole process is completed by one key, and data is easily controlled.

(4) The data value is safely calculated and mined in multiple ways, and the data calculation process is guaranteed not to be divulged.

The safe multi-party calculation is improved, and the data can be jointly used under the condition of ensuring the data privacy and avoiding divulging the secret. And providing a distributed trusted execution environment to realize trusted computation of data.

(5) The result of the calculation is known and credible, and the result on the chain can be verified.

Providing zero knowledge proof that the data can be verified on the chain. Other nodes can obtain relevant certificates from the chain and verify the process and the result. Tracking on a calculation process chain and protecting data privacy in a full life cycle.

(6) The intelligent contract presets instructions to control hardware equipment and interact with the physical world.

The box has the capability of connecting the Internet of things, and the physical equipment is controlled through the intelligent contract preset program, so that the capability of interacting with the physical world is achieved.

Compared with other similar products and schemes, the method further enriches the use modes of the data in the aspects of data uplink and right confirmation. The innovation points of the invention are as follows:

(1) a trust calculation model based on a block chain is provided, and distributed verifiability of data in terms of authority confirmation and use is supported.

(2) A data security system based on a block chain is provided, and privacy security of a distributed security room for protecting the full life cycle of data is provided.

(3) An adaptive real-time verifiable contract execution mechanism based on a combination of a blockchain and hardware is provided, and simple interaction is carried out with the physical world.

Drawings

In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings needed to be used in the embodiments of the present invention will be briefly described below, and it is obvious that the drawings described below are only some embodiments of the present invention, and it is obvious for those skilled in the art that other drawings can be obtained according to the drawings without creative efforts.

Fig. 1 is a flowchart of a data security calculation method according to an embodiment of the present invention.

FIG. 2 is a block diagram of a data security computing system provided by an embodiment of the present invention;

in the figure: 1. a data management module; 2. a data processing module; 3. and an intelligent interaction module.

Fig. 3 is a schematic diagram of a trust calculation model provided in an embodiment of the present invention.

Fig. 4 is a schematic diagram of a data transaction format provided by an embodiment of the invention.

Fig. 5 is a schematic diagram of an anonymous computing box according to an embodiment of the present invention, illustrating a data collection, encryption, and uplink process of key information.

Fig. 6 is a schematic diagram of a process in which a user shares data with an anonymous computing box and performs homomorphic computation on ciphertext data according to an embodiment of the present invention.

Fig. 7 is a schematic diagram of an architecture of an anonymous computing box for secure multi-party computing according to an embodiment of the present invention.

Fig. 8 is a flow chart of an anonymous computing box for secure multi-party computing according to an embodiment of the present invention.

Fig. 9 is a schematic process diagram of a distributed composition trusted execution environment of blockchain hardware devices according to an embodiment of the present invention.

Fig. 10 is a schematic diagram of a process for interacting an intelligent contract with a physical world through a blockchain hardware device according to an embodiment of the present invention.

Fig. 11 is a schematic diagram of a hardware structure of an anonymous computing box according to an embodiment of the present invention.

Detailed Description

In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is further described in detail with reference to the following embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.

In view of the problems in the prior art, the present invention provides a data security calculation method, system, computer device, storage medium and terminal, and the following describes the present invention in detail with reference to the accompanying drawings.

As shown in fig. 1, the data security calculation method provided in the embodiment of the present invention includes the following steps:

s101, building a trust calculation model based on a block chain;

s102, a plaintext calculation trusted space based on block chain distributed multimode trust is provided;

s103, determining a real-time verifiable contract execution mechanism based on a hardware chip.

As shown in fig. 2, the data security computing system provided by the embodiment of the present invention includes:

the data management module 1 is used for acquiring data of a data main body; encrypting the data, and storing the data in a cloud distributed database specified by a user; the box does not store data plaintext in the data acquisition and processing process;

The data processing module 2 is used for realizing desensitization processing of data and carrying out combined calculation on the data; in the process of data acquisition and encryption processing, storing key certificate information on a block chain through an intelligent contract; other nodes perform consensus, verification, block generation, broadcasting and persistence operations on the certificate information through the trust calculation model;

and the intelligent interaction module 3 is used for realizing the credible interaction between the block chain and the physical world through the anonymous computing box.

The technical solution of the present invention is further described below with reference to specific examples.

Example 1

Aiming at the problems in the prior art, the invention provides a solution, hardware equipment, a device and an edge terminal for data right determination, encrypted storage and private data safety multi-party calculation based on block chain chip and software and hardware integration, so as to improve privacy protection in the data circulation and use processes.

The block chain anonymous computing hardware (platform) is a block chain software and hardware integrated product which is developed aiming at the requirements of data authentication, safe storage, joint computation, trusted execution and the like under the background of data sharing and use. The invention provides a trust calculation model based on a block chain, and realizes manageability, availability and verification of data under privacy protection by relying on a cryptography (such as safe multiparty, zero-knowledge proof and the like). Meanwhile, the invention provides a trusted distributed plaintext computing space under a multimode trust scene for a user, provides a safe computing service which is rapidly deployed and conveniently used, and finally can realize trusted interaction with the physical world by combining with an intelligent contract preset instruction and a control component.

The invention constructs a data security system based on a block chain, namely, the security protection is carried out on the whole life cycle of data acquisition and transmission, storage and use, exchange and sharing, destruction and the like. The invention provides a block chain-based data security calculation method, hardware equipment and a platform, which mainly comprise the following steps:

the data management module collects data of data main bodies (such as privacy data generated by financial trade, medical insurance, intelligent energy, social media and daily life). And encrypting the data, and storing the data in a cloud distributed database (such as IPFS) specified by a user. The box does not store data plaintext in the data acquisition and processing process.

And the data processing module is used for realizing desensitization processing of data and carrying out combined calculation on the data. The method specifically comprises the following steps: and in the data acquisition and encryption processing processes, storing the key certificate information on the block chain through an intelligent contract. Other nodes will perform consensus, verification, block-out, broadcast and persistence operations on credential information through the trust calculation model of the first aspect described above.

The intelligent interaction module realizes the credible interaction between the block chain and the physical world through the anonymous computing box.

To achieve the above object, according to a first aspect of one or more embodiments of the present specification, a block chain-based trust computation model for data acquisition, storage validation, and join computation is proposed.

In the data model of the present invention, as shown in fig. 3, the data state, the data storage tree, and the credential chain table are included. The details are as follows:

the data states are divided into two types: the address of the data body (user) and the calculation retrieval address. The user stores data, and the account address when the user represents an individual is the data main address; and the retrieval address automatically generated for the calculation is a calculation retrieval address when the data is combined for calculation, and is mainly used for retrieving the calculation and inquiring a calculation process certificate and a calculation result generated in the calculation process.

The data state has the following fields: count, representing the data ownership; the dataRoot stores the hash value of the root node of the data storage tree; balance, which represents the stimulus value of the data subject; proofChain, which saves the head node of the computational process chain. Wherein the dataNode is an empty node when the data state is user, and the balance is a value of 0 when the data state is calculated data.

And the data storage tree stores all data under the user name. Similar to the merckel tree, the data storage tree of the present invention stores all data addresses stored on the cloud (such as IPFS) associated with the user, combines the data addresses into parent nodes by pairwise pairing, and recursively hashes each pair of nodes until reaching a root node to form the data storage tree.

And the certificate linked list is used for storing the generated certificate data in the calculation process of the data. The calculation process generates many certificates, and according to the calculation process, new certificate data is added to the next node of the linked list when new certificate data is generated. The first head node of the calculation process chain is saved in a data state, and when the data result is verified in a consensus mode, all the nodes verify the correctness of the certificate according to the head node so as to verify the correctness of the data calculation result.

When a transaction is sent, as shown in fig. 4, the following information should be included: count, representing the current number of data states; signature, which ensures the attribution and correctness of data; v, r, s, the value used in the cryptographic signature of a transaction, may be used to determine the sender of the transaction; data, transaction execution information (including but not limited to data hash value, IPFS address, credentials generated by the computing process, satellite navigation information, etc.) that needs to be sent.

Before executing a transaction, the node will verify that the transaction satisfies some basic (inherent) rules. If none of these basic rules pass, the nodes will not execute the transaction.

The inherent rules for validating a transaction are as follows:

1. whether the IPFS address really has data and whether the hash value of the stored data is equal to the provided hash value;

2. whether the transaction has a legitimate signature;

3, whether the count value attached by the data state is equal to the count of the data state or not;

4. if the data calculation process is carried out, whether the transaction result is legal is checked (the result is verified according to the certificate generated in the calculation process).

After the transaction is verified to be correct, each node runs a consensus algorithm to pack and execute the transaction. The consensus mechanism of the invention can generate a verification certificate after verifying the transaction so as to prove that the node verifies the transaction by using the verification rule. According to the consensus mechanism, the miners can pack legal transactions into blocks after verifying the transactions, the blocks are broadcasted, and other nodes can add the legal transactions to the last of the local block chain account book after receiving and verifying the legal transactions.

Furthermore, the computation process credential described in the present invention is verifiable data (e.g., zero knowledge proof) generated by data in a joint computation process (homomorphic ciphertext computation, multiparty computation). By obtaining the credentials, the data calculation process and the results of the calculation can be verified to prove the correctness of the calculation process or the results.

After the transaction is executed, the on-chain state changes as follows:

1. when the data state is the user, the data amount count owned by the user is added with 1; when the data state is data calculation, the data certificate number count is added with 1;

2. after the verification is passed, packaging the execution result into a block chain;

3. if the data is the data with the right, the data is mapped to the user address and added into a data storage tree corresponding to the user; if the data is the certificate data, the data is taken as the next node of the calculation process chain and added to the last of the linked list;

4. the miners' nodes of the packing blocks can obtain corresponding excitation;

5. when the verification fails, the transaction cannot be packed into the block, the transaction is invalid, and the count value cannot be increased.

In addition, the transaction should satisfy the transaction rules of the native chain (e.g., EtherFang).

According to a second aspect of one or more embodiments of the present specification, there is provided a plaintext computing trust space based on a blockchain distributed multimodal trust. Specifically, for a complex data joint calculation scene, a safe and independent calculation space is opened up in an anonymous calculation box, and a part of private ciphertext data which is difficult to calculate is calculated in the space in a plaintext form. The calculation process is not visible to any node. The method specifically comprises the following steps:

According to different data types, the calculation amount is large, the calculation is complex, and plaintext calculation is performed. The block chain anonymous computing hardware provides a trusted isolation space, and the type of computation is placed in a trusted execution environment for computation so as to guarantee confidentiality and integrity of key codes and data of users.

The box serves as a block chain node, and a trusted computing committee is established in a block chain network. The 'trusted computing committee' can realize cross-node and cross-mechanism communication, and realize distributed joint computation and data sharing of data.

Within the trusted computing committee, each node contributes a Trusted Execution Environment (TEE) for the blockchain anonymous computing hardware. Because different trust roots exist among different hardware manufacturers, TEE data mutual trust and intercommunication among different manufacturers are realized through a consensus mechanism, and a distributed and multi-mode trusted execution environment is jointly established. The space size of the distributed trusted execution environment is the sum of the sizes of the trusted execution memories of the boxes.

When the users call the intelligent contract calculation data, the committee members unify the correct contract calling result according to the generated calling request and through consensus (consensus algorithm is determined according to the specific conditions of the committee).

According to a third aspect of one or more embodiments of the present specification, a real-time verifiable contract execution mechanism based on a hardware chip is presented. The method comprises the following steps:

the block chain anonymous computing box provides the capability of interacting with the physical world, and automatically executes preset instructions through the intelligent contract triggering state. According to the principle and the idea of 'first execution and then verification', a credit mechanism is introduced, and execution results are identified and verified together and corresponding credit states are updated.

For a user operation scene, the block chain anonymous computing box collects user information safely according to the description of the first aspect and the second aspect. And the user makes corresponding behavior operation and records the behavior operation on the block chain through the intelligent contract. And other nodes carry out consensus and verification according to the trust calculation model of the first aspect through historical data. And changing the reputation state of the user node according to the verification result.

For an automatic scene, the block chain anonymous computing box executes a corresponding preset instruction through the connection of trusted hardware and external equipment if a preset condition is triggered after data processing is completed according to an external instruction or a preset program, and stores the execution behavior on a chain through an intelligent contract. The other nodes verify and agree on the trigger condition for the instruction. And changing the reputation state of the box node according to the verification result.

In summary, the present invention provides the following functions:

1. one-key data right determination and chain up-tracing guarantee data ownership.

2. The data flow process is simplified, and the barrier from the source to the use of the data is opened.

3. And distributed encrypted storage is adopted, and the private data is easily controlled.

4. The data value is safely calculated and mined in multiple ways, and the data calculation process is guaranteed not to be divulged.

5. The result of the calculation is known and credible, and the result on the chain can be verified.

6. The intelligent contract presets instructions to control hardware equipment and interact with the physical world.

Compared with other similar products and schemes, the method further enriches the use modes of the data in the aspects of data uplink and right confirmation. The innovation points are as follows:

Example 2

The block chain anonymous computing hardware can realize software and hardware integration, and realize data source trusted acquisition, encrypted storage, authentication, combined use and the like. The public and private keys of the nodes and the node starting program are built in the block chain anonymous computing hardware, and the block chain private chain or a key connection block chain (Ether shop) network can be built by self.

In one embodiment, as shown in fig. 5, is a general process of data acquisition and processing by the blockchain anonymity computing hardware. The chip of the internet of things is embedded in the anonymous computing hardware of the block chain, and automatic data, state data, file data and the like can be acquired through technologies such as wireless networks (WIFI, 4G/5G), sensors, wired connection, radio frequency identification and the like. In addition, the node is embedded with a GPS chip, so that the position tracking of a data source can be realized. The block chain anonymous computing hardware is in a sealed state, manual operation is reduced in the data collection and processing processes, and integrated protection is achieved. The collected data is homomorphic encrypted through the encryption module. For encrypted data, there may be a plurality of storage modes: one is that the user makes a storage path and stores the encrypted data into a designated space (which can be retrieved by the outside world); one is that distributed cloud storage is performed through an IPFS module by default, and a hash mark is returned for retrieval by a user.

In order to better determine the right and trace the data, the block chain anonymous computing hardware takes a hash value of the homomorphic ciphertext and digitally signs the data by using a key embedded in the device. And the calculated ciphertext hash, the digital signature, the storage address of the IPFS, the GPS position, the clock information and the like are stored on the block chain through an intelligent contract. In addition, the block chain anonymous computing hardware embeds distributed identity Identifiers (DID), and the DID and the data are stored on the block chain together through an intelligent contract, so that identity privacy and the identity right of a data main body are further protected.

Specifically, the above-mentioned generated data for right confirmation is verified, identified, broadcast and persisted on the chain by intelligent contract as follows:

such as sent to the blockchain network in a transactional manner, to be commonly recognized by other nodes. Assuming that the box has an address of 0xtest generated by the embedded private key, the current user has x pieces of data. The form of the send transaction is:

(x + 1) representing the current number of data states;

signature (private key signature) to ensure the attribution and correctness of data;

v, r, s (private key parameters);

data (storage address of data at IPFS address + hash).

After receiving the transaction, the other nodes verify the transaction, and the verification rule is as follows:

firstly, whether count +1 of user 0xtest is equal to x +1 or not is judged to avoid repeated operation;

whether the Signature is correct or not;

and thirdly, whether the storage address content of the IPFS is empty or not and whether the hash value of the IPFS is equal to the uploaded hash value or not are judged in the Data.

When the verification is passed, the transaction will be placed into the transaction pool. After a period of time, the blockchain network nodes will run a consensus mechanism, enumerate miners to package the transactions and broadcast them to the entire network. After the other nodes verify that the block passes, the block containing the transaction is added locally.

From this, the data is finalized and stored.

When a data owner needs to confirm data, only a path from a node to a dataRoot needs to be provided from a data storage tree corresponding to a user address, and the attribution and the authenticity of the data can be proved.

Example 3

Blockchain anonymity computation hardware can perform secure privacy computations between data owners and data consumers. In one embodiment, as shown in FIG. 6, is a process for performing joint computations between a data owner and a data consumer. Through the block chain anonymous computing hardware, safe joint computation can be performed between a data owner and a data demander under the condition of protecting the privacy of a data main body.

Before describing the specific process of calculation, initialization explanation is carried out. As described in the first aspect of the invention, the following process will be sent in a transactional manner into the blockchain network, as is commonly known by other nodes. The box generates a data address of 0xdata _ x for the data calculation, the count of the data calculation is initialized to 0, the dataRoot is empty, the balance is empty, the proofChain is initialized to the head node of the calculation process, and the head node points to the next node.

The credentials generated by the data calculation process are verified, agreed, broadcast, and persisted on the chain by intelligent contracts. The specific process is as follows:

In the first step, the data owner partially exposes the data information for data presentation using a "partial exposure" module. And after consensus verification, part of the disclosed data information is added to the next node of the proofChain.

In the second step, the data consumer needs to use the data to initiate a request to the data owner. After the agreement of the data owner, the user obtains homomorphic encrypted data according to the IPFS address, and homomorphic calculation is carried out on the data in the box (or the local). A calculation result is obtained. In the process of homomorphic calculation of data, several generated calculation certificates are sequentially added to the next node of proofChain.

In the embodiment of the invention, the data in the calculation process is encrypted, the calculation result is also encrypted, and only the private key of the data owner can decrypt the data.

Thirdly, the data owner decrypts the calculation result sent by the data user through the verifiable encryption module and sends the calculation result back to the user. The credential data used for decryption and the decryption result are added to the next node of proofChain.

Fourthly, the user verifies the correctness of the data.

As a node which does not participate in calculation, the accuracy of the calculation process and the accuracy of the calculation result can be verified by acquiring the proofChain head node of 0xdata _ x and then sequentially traversing the whole calculation process linked list.

Example 4

The block chain anonymous computing hardware can realize safe multi-party computing among multiple mechanisms (multiple users) on the premise of protecting data privacy. In one embodiment, as shown in fig. 7 and 8, the procedure of multi-party secure computation by the block chain anonymous computing box is implemented by combining software and hardware.

The first step, the intention of joint calculation is achieved through a block chain intelligent contract and multi-node negotiation, and joint multi-party calculation is carried out on respective private data. Generating a calculation retrieval address (such as 0 xcompute) for the calculation through a consensus mechanism;

and secondly, each node negotiates a joint public key and a respective private key for homomorphic encryption through secure multiparty calculation, wherein the private key of each node can encrypt data, ciphertext data can be homomorphic operated through the joint public key, and the decryption process is completed by the corresponding private key.

And thirdly, each node executes safe multi-party calculation according to respective private data. For simple ciphertext calculation, ciphertext calculation is directly performed in a chip, key public information in the calculation process is stored in a block chain, and each node in the later stage verifies the correctness of the calculation process and the calculation result by using zero knowledge proof; for complex ciphertext calculation, due to the limitation of performance, a safe device needs to be externally connected, ciphertext (or plaintext) calculation is carried out on the external device, and verifiable data generated in the calculation process passes through a box uplink for later verification. The generated voucher is added to the next node of proofChain via a consensus mechanism.

And fourthly, each node finds the head node of proofChain by calculating the retrieval address, and verifies the correctness of the credentials in the calculation process in sequence, thereby achieving the authentication of the correctness of the result.

Example 5

Blockchain anonymous computing hardware may improve the distributed trusted execution environment. A Trusted Execution Environment (TEE) is a secure area within a host processor. It runs in a separate environment and in parallel with the operating system. It ensures that the confidentiality and integrity of the code and data loaded in the TEE are protected. This parallel system is more secure than the conventional system (REE) by protecting data and code using both hardware and software. Trusted applications running in the TEE can access all functions of the device main processor and memory, while hardware isolation protects these components from user-installed applications running in the main operating system. Software and cryptographic isolation in the TEE protects different trusted applications from each other.

As shown in FIG. 9, anonymous computing boxes are distributed to form a trusted execution space. Each node (box) may open up a Trusted Execution Environment (TEE) on the hardware device, but cannot reliably access the network or persistent storage because the TEE cannot fully guarantee availability (since the host may decide to terminate the TEE on its own). Meanwhile, as the TEE trust roots of different hardware manufacturers are different, the TEE spaces of the hardware manufacturers cannot be communicated with each other. And combining the distributed characteristic of the block chain, forming a distributed multimode trusted execution environment by each node, and reliably executing data. The block chain anonymous computing hardware is used as a block chain node, and a 'trusted computing committee' is established through election. Within the "trusted computing committee", a consensus mechanism is run to perform trusted computing on the data.

Specifically, in the 'trusted computing committee', each node contributes a Trusted Execution Environment (TEE) of the block chain anonymous computing hardware, and data intercommunication among trusted execution environments under different trust roots is achieved through a consensus mechanism, so that a distributed trusted execution environment is jointly established. The space size of the distributed trusted execution environment is the sum of the sizes of the trusted execution memories of the boxes.

A set of consensus mechanism is operated among the committee members, when a user calls an intelligent contract, a call request is generated, and correct contract calling results are unified among the committee members through consensus (consensus algorithm is determined according to the specific conditions of the committee).

In order to stimulate the node to take out the trusted execution space and execute the calculation required in the intelligent contract, gas is used as the stimulation and is issued to the corresponding node according to the provided trusted execution space execution condition.

Example 6

Blockchain anonymity computing hardware may interact with the physical world. As shown in fig. 10, the blockchain anonymous computing hardware is used as a blockchain node, and trusted interaction with a physical world connected with the hardware is realized by integrating intelligent contract preset instructions and the hardware. An intelligent contract is a computer transaction agreement that automatically enforces contract terms without the need for an intermediary, self-verification. By means of the decentralized infrastructure of the block chain, the method can play an important role in a trusted execution environment. The invention embeds a block chain chip in a hardware facility, executes an intelligent contract preset instruction, and interacts with the physical world. The method specifically comprises the following steps:

Data entered, collected from the outside world, interacts with the blockchain through anonymous computing boxes. The intelligent contract outputs a state instruction by calling and executing the contract starting event. The instructions can control the hardware device through the anonymous computing box, and further interact with the physical world. One scenario is as follows: and in the Internet of vehicles, loading the discovered blockchain hardware equipment. When the automobile brakes suddenly for many times or alcohol gas is found in the automobile, data are collected through equipment, and an intelligent contract is triggered after the automobile is linked. And the intelligent contract outputs an instruction of 'parking beside the side'. Through the interaction of the box and the automobile, the automobile automatically executes the command of parking beside.

Example 7

Fig. 11 is a hardware configuration diagram of a blockchain anonymous computing box, wherein the device interface and sensor are used for data acquisition, the encryption circuit is used for data encryption, secure computing, etc., the TEE trusted execution environment corresponds to the secure room description of the present invention, and the blockchain module is used for interacting with a blockchain network. Generally speaking, the invention is a software and hardware integrated product which is based on a block chain and developed aiming at the requirements of data right determination, safe storage, joint calculation and the like.

In the above embodiments, the implementation may be wholly or partially realized by software, hardware, firmware, or any combination thereof. When used in whole or in part, can be implemented in a computer program product that includes one or more computer instructions. When loaded or executed on a computer, cause the flow or functions according to embodiments of the invention to occur, in whole or in part. The computer may be a general purpose computer, a special purpose computer, a network of computers, or other programmable device. The computer instructions may be stored in a computer readable storage medium or transmitted from one computer readable storage medium to another, for example, the computer instructions may be transmitted from one website site, computer, server, or data center to another website site, computer, server, or data center via wire (e.g., coaxial cable, fiber optic, Digital Subscriber Line (DSL), or wireless (e.g., infrared, wireless, microwave, etc.)). The computer-readable storage medium can be any available medium that can be accessed by a computer or a data storage device, such as a server, a data center, etc., that includes one or more of the available media. The usable medium may be a magnetic medium (e.g., floppy Disk, hard Disk, magnetic tape), an optical medium (e.g., DVD), or a semiconductor medium (e.g., Solid State Disk (SSD)), among others.

The above description is only for the purpose of illustrating the present invention and the appended claims are not to be construed as limiting the scope of the invention, which is intended to cover all modifications, equivalents and improvements that are within the spirit and scope of the invention as defined by the appended claims.

Claims

1. A data security computing method is characterized by comprising the following steps:

step one, constructing a trust calculation model based on a block chain;

step two, a plaintext calculation trusted space based on block chain distributed multimode trust is provided;

and step three, determining a real-time verifiable contract execution mechanism based on the hardware chip.

2. The data security computation method of claim 1, wherein in step one, the building of the block chain-based trust computation model comprises:

the trust calculation model based on the block chain comprises a data state, a data storage tree and a certificate linked list;

wherein the data states are divided into two types: firstly, the address of the data main body, and secondly, the retrieval address is calculated; the user stores data, and the account address when the user represents an individual is the data main address; the retrieval address automatically generated for the calculation is a calculation retrieval address when the data is combined for calculation, and is used for retrieving the calculation and inquiring a calculation process certificate and a calculation result generated in the calculation process;

The data state has the following fields: count, representing the data ownership; the dataRoot stores the hash value of the root node of the data storage tree; balance, which represents the stimulus value of the data subject; proofChain, which saves the head node of the calculation process chain; wherein, when the data state is user, the dataNode is empty node, when the data state is calculated data, the balance is 0 value;

the data storage tree stores all data under a user name, stores all data addresses stored on the cloud and related to the user, combines the data addresses into father nodes through pairwise pairing, and recursively hashes each pair of nodes until the nodes reach a root node to form the data storage tree;

the certificate linked list is used for storing the generated certificate data in the calculation process of the data; a plurality of certificates are generated in the calculation process, and according to the calculation flow, new certificate data generated each time is added to the next node of the linked list; the first head node of the calculation process chain is stored in a data state, and when the data result is verified in a consensus mode, each node verifies the correctness of the certificate according to the head node so as to verify the correctness of the data calculation result;

When a transaction is sent, the following information is included: count, representing the current number of data states; signature, which ensures the attribution and correctness of data; v, r, s, a value used in cryptographic signatures of transactions to determine the sender of the transaction; data, transaction execution information to be sent, including a data hash value, an IPFS address, a certificate generated in a calculation process and satellite navigation information;

before executing a transaction, the node will verify that the transaction satisfies the basic intrinsic rules; if the basic rules can not pass, each node can not execute the transaction;

after the transaction is verified to be correct, each node runs a consensus algorithm to pack and execute the transaction; the consensus mechanism generates a verification certificate after verifying the transaction, and the verification certificate is used for verifying the transaction by the verification node by using the verification rule; according to the consensus mechanism, the miners can pack legal transactions into blocks after verifying the transactions, the blocks are broadcasted, and other nodes add the blocks to the local block chain account book after receiving and verifying the blocks;

the computing process voucher is verifiable data generated by data in a joint computing process; verifying the data calculation process and the calculation result by obtaining the certificate, and proving the correctness of the calculation process or the result; wherein the joint computation process comprises homomorphic ciphertext computation and multiparty computation, and the verifiable data comprises a zero-knowledge proof;

After the transaction is executed, the on-chain state changes as follows:

(4) the miner nodes of the packing blocks obtain corresponding excitation;

3. A data security computation method according to claim 2, wherein the intrinsic rules for validating a transaction are as follows:

(2) whether the transaction has a legitimate signature;

(3) whether the attached count value is equal to the count of the data state;

4. The data security computing method according to claim 1, wherein in step two, the proposing a plaintext computing trust space based on distributed multimode trust of a blockchain comprises:

according to different data types, calculating complex data with large calculation amount, and performing plaintext calculation; a committee is formed among the anonymous computing hardware of the block chains, a distributed credible isolation space is provided, and the computation is carried out in a credible execution environment;

the box is used as a block chain node, and a trusted computing committee is established in a block chain network; the credible computing committee can realize cross-node and cross-mechanism communication, and realize distributed joint computation and data sharing of data;

within a trusted computing committee, each node contributes a trusted execution environment TEE of the blockchain anonymous computing hardware; because different trust roots exist among different hardware manufacturers, TEE data mutual trust and intercommunication among different manufacturers are realized through a consensus mechanism, and a distributed and multi-mode trusted execution environment is jointly established; the space size of the distributed trusted execution environment is the sum of the sizes of the trusted execution memories of the boxes;

Running a set of consensus mechanism among the committee members, and unifying correct contract calling results according to the generated calling request and by consensus among the committee members when a user calls intelligent contract calculation data according to the specific conditions of the committee;

5. The data security computing method of claim 1, wherein in step three, the determining a real-time verifiable contract execution mechanism based on a hardware chip comprises:

the block chain anonymous computing box provides interaction capacity with a physical world and automatically executes a preset instruction through an intelligent contract triggering state; according to the principle and the idea of executing first and then verifying, introducing a credit mechanism, commonly verifying the execution result and updating a corresponding credit state;

for a user operation scene, the block chain anonymous calculation box safely collects user information according to the description of the first step and the second step; the user makes corresponding behavior operation and records the behavior operation on the block chain through an intelligent contract; other nodes carry out consensus and verification according to the trust calculation model through historical data; changing the credit state of the user node according to the verification result;

6. A data security computing system for implementing the data security computing method of any one of claims 1 to 5, the data security computing system comprising:

7. The data security computing system of claim 6, wherein in the data management module, the data includes private data generated by financial trading, medical insurance, smart energy, social media, and daily life; the cloud distributed database includes an IPFS.

8. A computer device, characterized in that the computer device comprises a memory and a processor, the memory storing a computer program which, when executed by the processor, causes the processor to carry out the steps of:

9. A computer-readable storage medium storing a computer program which, when executed by a processor, causes the processor to perform the steps of:

10. An information data processing terminal, characterized in that the information data processing terminal is used for implementing a data security computing system according to any one of claims 6 to 7.